公开(公告)号：US08468208B2

公开(公告)日：2013-06-18

申请号：US13532061

申请日：2012-06-25

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F15/16

CPC分类号： H04L63/0236 ,  H04L51/12 ,  H04L63/0263

摘要： A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.

摘要翻译： 用于阻止不必要的电子邮件的系统，方法和程序产品。 电子邮件被标识为不需要的。 确定不需要的电子邮件的源IP地址。 确定不想要的电子邮件的源IP地址的所有者或注册人拥有或注册的其他源IP地址。 源IP地址和其他IP地址的后续电子邮件被阻止。 这将阻止垃圾邮件发送者转移到新的源IP地址，当其垃圾邮件被一个源IP地址阻止时。

公开(公告)号：US08478831B2

公开(公告)日：2013-07-02

申请号：US13415495

申请日：2012-03-08

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L51/12 ,  G06Q10/107

摘要： Managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limiting at the firewall or router such that the firewall or router limits a rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate limit can be a limit on a number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.

摘要翻译： 管理来自怀疑发送垃圾邮件的邮件的电子邮件。 电子邮件在路由到邮件服务器的防火墙或路由器上收到。 确定来源是否发送了展示垃圾邮件特性的电子邮件。 作为回应，来自目的地为邮件服务器的源的后续电子邮件在防火墙或路由器上是速率限制的，使得防火墙或路由器限制后续电子邮件从防火墙或路由器转发到邮件的速率 服务器。 速率限制可以限制从将从防火墙或路由器转发到邮件服务器的源的每单位时间的电子邮件数量。

公开(公告)号：US20130067562A1

公开(公告)日：2013-03-14

申请号：US13415495

申请日：2012-03-08

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F21/00

CPC分类号： H04L51/12 ,  G06Q10/107

摘要： A system, method and program product for managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limiting at the firewall or router such that the firewall or router limits a rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate is predetermined and less than a maximum rate at which the firewall or router can physically forward e-mails to the mail server absent the rate limit. A determination is made whether another source has sent another e-mail which exhibits more characteristics of spam than the first said e-mail. In response, subsequent e-mails from this other source are blocked at the firewall or router. The rate limit can be a limit on a number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.

摘要翻译： 用于管理来自怀疑发送垃圾邮件的来源的电子邮件的系统，方法和程序产品。 电子邮件在路由到邮件服务器的防火墙或路由器上收到。 确定来源是否发送了展示垃圾邮件特征的电子邮件。 作为回应，来自目的地为邮件服务器的源的后续电子邮件在防火墙或路由器上是速率限制的，使得防火墙或路由器限制后续电子邮件从防火墙或路由器转发到邮件的速率 服务器。 速率是预定的，并且小于防火墙或路由器可以在没有速率限制的情况下将电子邮件物理转发到邮件服务器的最大速率。 确定另一个来源是否发送了另一个具有比第一个所述电子邮件更多的垃圾邮件特征的电子邮件。 作为回应，来自其他来源的后续电子邮件在防火墙或路由器上被阻止。 速率限制可以限制从将从防火墙或路由器转发到邮件服务器的源的每单位时间的电子邮件数量。

公开(公告)号：US08176126B2

公开(公告)日：2012-05-08

申请号：US10926641

申请日：2004-08-26

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L51/12 ,  G06Q10/107

摘要： A system, method and program product for managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limiting at the firewall or router such that the firewall or router limits a rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate is predetermined and less than a maximum rate at which the firewall or router can physically forward e-mails to the mail server absent the rate limit. A determination is made whether another source has sent another e-mail which exhibits more characteristics of spam than the first said e-mail. In response, subsequent e-mails from this other source are blocked at the firewall or router. The rate limit can be a limit on a number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.

摘要翻译： 用于管理来自怀疑发送垃圾邮件的来源的电子邮件的系统，方法和程序产品。 电子邮件在路由到邮件服务器的防火墙或路由器上收到。 确定来源是否发送了展示垃圾邮件特征的电子邮件。 作为回应，来自目的地为邮件服务器的源的后续电子邮件在防火墙或路由器上是速率限制的，使得防火墙或路由器限制后续电子邮件从防火墙或路由器转发到邮件的速率 服务器。 速率是预定的，并且小于防火墙或路由器可以在没有速率限制的情况下将电子邮件物理转发到邮件服务器的最大速率。 确定另一个来源是否发送了另一个具有比第一个所述电子邮件更多的垃圾邮件特征的电子邮件。 作为回应，来自其他来源的后续电子邮件在防火墙或路由器上被阻止。 速率限制可以限制从将从防火墙或路由器转发到邮件服务器的源的每单位时间的电子邮件数量。

公开(公告)号：US07617526B2

公开(公告)日：2009-11-10

申请号：US11244993

申请日：2005-10-06

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F9/00

CPC分类号： H04L63/1458 ,  G06F15/16 ,  H04L51/00 ,  H04L51/12 ,  H04L69/28

摘要： A method of blocking spam at a firewall involves applying blocking measures for an adaptively determined duration. The blocking measure is then suspended while determining whether the spam has ended. If so, the method resets to an initial state. Otherwise, the blocking measure is re-applied for a second duration.

摘要翻译： 在防火墙中阻止垃圾邮件的方法包括对自适应确定的持续时间应用阻塞措施。 然后在确定垃圾邮件是否已结束的同时暂停屏蔽措施。 如果是这样，该方法将重置为初始状态。 否则，阻塞措施将重新应用第二个持续时间。

公开(公告)号：US20120265834A1

公开(公告)日：2012-10-18

申请号：US13532061

申请日：2012-06-25

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F15/16

CPC分类号： H04L63/0236 ,  H04L51/12 ,  H04L63/0263

摘要： A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.

摘要翻译： 用于阻止不必要的电子邮件的系统，方法和程序产品。 电子邮件被标识为不需要的。 确定不需要的电子邮件的源IP地址。 确定不想要的电子邮件的源IP地址的所有者或注册人拥有或注册的其他源IP地址。 源IP地址和其他IP地址的后续电子邮件被阻止。 这将阻止一个垃圾邮件发送者转移到新的源IP地址，当其垃圾邮件从一个源IP地址被阻止时。

公开(公告)号：US08423645B2

公开(公告)日：2013-04-16

申请号：US10940558

申请日：2004-09-14

申请人： Clark Debs Jeffries ,  Robert William Danford ,  Terry Dwain Escamilla ,  Kevin David Himberger

发明人： Clark Debs Jeffries ,  Robert William Danford ,  Terry Dwain Escamilla ,  Kevin David Himberger

IPC分类号： G06F15/173 ,  G06F15/16 ,  G06F11/00 ,  G06F12/16 ,  H04L29/06

CPC分类号： G06F21/55 ,  G06F11/349 ,  G06F11/3495 ,  G06F2201/81 ,  H04L63/1416 ,  H04L63/1458 ,  H04L2463/141 ,  H04L2463/144 ,  Y02D10/34

摘要： A method of, system for, and product for managing a denial of service attack in a multiprocessor environment comprising. The first step is establishing normal traffic usage baselines in the multiprocessor environment. Once the baseline is established the next step is monitoring outgoing traffic to detect a high proportion of packets being sent to a specific destination address, and a high number of outbound packets compared to said baseline. Next is monitoring ports and protocols to detect a high proportion of packets sent to a specific port, and a consistent use of a protocol for all packets for that port. If there is such consistent use of a protocol for all packets for that port as to evidence a denial of service attack, blocking measures are started to mitigate the apparent denial of service attack.

摘要翻译： 一种用于在多处理器环境中管理拒绝服务攻击的方法，系统和产品，包括： 第一步是在多处理器环境中建立正常的流量使用基线。 一旦基线建立，下一步就是监测输出流量，以检测发送到特定目的地地址的大部分数据包，以及与所述基线相比较的大量出站分组。 接下来是监控端口和协议，以检测发送到特定端口的大部分数据包，并且一致地使用该端口的所有数据包的协议。 如果对该端口的所有数据包使用协议一致，以证明拒绝服务攻击，就会开始阻止措施来减轻明显的拒绝服务攻击。

公开(公告)号：US07957372B2

公开(公告)日：2011-06-07

申请号：US10896733

申请日：2004-07-22

申请人： Alan David Boulanger ,  Robert William Danford ,  Kevin David Himberger ,  Clark Debs Jeffries

发明人： Alan David Boulanger ,  Robert William Danford ,  Kevin David Himberger ,  Clark Debs Jeffries

IPC分类号： H04L12/28 ,  G06F9/00 ,  G06F11/00

CPC分类号： H04L63/1416 ,  H04L63/1466

摘要： A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree record and trace sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.

摘要翻译： 一种检测和响应系统，包括一组用于在正常计算机业务流内检测的一组算法（应该侧重于引发响应的网络业务）具有一个IP源地址（SA）值的TCP或UDP分组，一个或几个 目标地址（DA）值和超过不同目标端口（DP）值阈值的数字。 一个查找机制，如直接表和帕特里夏搜索树记录，跟踪一组SA和一个DA的数据包以及给定SA，DA组合观察到的一组DP值。 检测和响应系统报告这样的子集的存在以及包括SA，DA和子集的多个DP的标题值。 检测和响应系统还包括对报告的各种管理响应。

公开(公告)号：US07669240B2

公开(公告)日：2010-02-23

申请号：US10896680

申请日：2004-07-22

申请人： Alan David Boulanger ,  Robert William Danford ,  Kevin David Himberger ,  Clark Debs Jeffries

发明人： Alan David Boulanger ,  Robert William Danford ,  Kevin David Himberger ,  Clark Debs Jeffries

IPC分类号： H04L29/02 ,  H04L29/08

CPC分类号： H04L63/145 ,  H04L43/00 ,  H04L63/0236 ,  H04L63/1416

摘要： A detection and response system including a set of algorithms for detection within a stream of normal computer traffic a subset of TCP packets with one IP Source Address (SA), one Destination Port (DP), and a number exceeding a threshold of distinct Destination Addresses (DA). There is efficient use of a lookup mechanism such as a Direct Table and Patricia search tree to record sets of packets with one SA and one DP as well as the set of DA values observed for the given SA, DP combination. The existence of such a subset and the header values including SA, DP, and multiple DAs of the subset are reported to a network administrator. In addition, various administrative responses to reports are provided.

摘要翻译： 一种检测和响应系统，包括用于在正常计算机业务流内检测的一组算法，具有一个IP源地址（SA）的TCP分组的子集，一个目的地端口（DP）以及超过不同目的地址的阈值的数量 （DA）。 有效利用诸如直接表和帕特里夏搜索树之类的查找机制来记录具有一个SA和一个DP的分组集合以及针对给定的SA，DP组合观察到的一组DA值。 这样的子集的存在和包括该子集的SA，DP和多个DA的标题值被报告给网络管理员。 此外，还提供了各种对报告的行政回应。

公开(公告)号：US07657942B2

公开(公告)日：2010-02-02

申请号：US11033436

申请日：2005-01-11

申请人： Kevin David Himberger ,  Clark Debs Jeffries ,  Charles Steven Lingafelt ,  Allen Leonid Roginsky ,  Phillip Singleton

发明人： Kevin David Himberger ,  Clark Debs Jeffries ,  Charles Steven Lingafelt ,  Allen Leonid Roginsky ,  Phillip Singleton

IPC分类号： H04L29/14 ,  G08B23/00

CPC分类号： G06F21/552 ,  G06F21/577 ,  G06Q40/08 ,  G08B21/22

摘要： A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels is provided. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.

摘要翻译： 一种用于提供企业系统的当前和完整的安全合规性视图的方法，装置和计算机指令。 本发明提供获得企业的实时安全状态和安全合规性视图的能力，并且评估已知威胁和攻击对于各个级别的持续业务操作的风险影响。 响应企业环境，请求或外部威胁的更改，管理员加载或更新关键应用程序操作数据库，历史数据库，访问控制数据库，连接数据库和威胁数据库中的至少一个。 基于数据库中的信息与公司或外部策略中类似的安全数据元素的比较，管理员可以生成企业的安全合规性视图。 通过将安全合规性视图与威胁数据库中的数据进行比较，也可以生成安全性状态视图。